package com.axing.xingxiang_interface.controller;
import com.axing.xingxiangclientsdk.utils.SignUtils;
import org.springframework.http.ResponseEntity;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
@RestController
@RequestMapping("/name")
public class UserController {

    @GetMapping("/")
    public String getUserNameUsingGet(String name) {
        return "GET name: " + name;
    }

    /**
     *
     *小tips @getm @postm生成controller模板
     */

    
    @PostMapping("/")
    public ResponseEntity<java.lang.String> getUserNameUsingPost(String name) {
        return ResponseEntity.ok("Post: name" + name);
    }


    @PostMapping("/user")
    public ResponseEntity<java.lang.String> getUserNameUsingPost1(String name,HttpServletRequest request) {
        String accessKey = request.getHeader("accessKey");
        String nonce = request.getHeader("nonce");
        String timestamp = request.getHeader("timestamp");
        String sign = request.getHeader("sign");
        String body = request.getHeader("body");
        // todo 实际情况在数据库中查
        if(!accessKey.equals("axing")) {
            throw new RuntimeException("无权限");
        }
        if (Long.parseLong(nonce) > 10000) {
            throw new RuntimeException("无权限");
        }
        //时间不能超过五分钟
        // todo secretKey 应该从数据库中拿取
        String serverSign = SignUtils.genSign(body,"abcd");
        if(!sign.equals(serverSign)) {
            throw new RuntimeException("无权限");
        }
        return ResponseEntity.ok("Post: name" + body);
    }

}
